A UK view on Cyber, Information & IT Security by Security Expert Dave Whitelegg. Providing advice and explaining security for everyone, and also contemplating advanced themes and future trends in security.
With a focus on all the latest developments & issues within the UK Information Security space such as Hacking, DDoS, Botnets, Malware, Identity Theft, Data Protection (DPA) and regulatory compliance like PCI DSS & ISO27001:2013, all will be explained in an easy to understand way.

Friday, 28 October 2011

Securely Wiping your Personal Data from the iPhone

It seems like every year Apple release a better 'must have' version of the amazing iPhone, sparking a rush to upgrade by the masses. Ensuring all your precious personal information is securely removed from your old iPhone is an essential step to take before trading in or selling your old iPhone on eBay. Like any smartphone, the iPhone hoards all types of sensitive information about you, not just your embarrassing ABBA playlist and dodgy drunken pictures from the weekend, but all your Emails including access to future mails, username and passwords for websites and social media, and even sensitive financial information such as bank account and credit card details are often stored. So unless you are putting your iPhone through an industrial crusher, you really need to ensure you erase all the data from it before passing it on, this post explains how.

This data erasing advice and method also applies to the iPad and iPod Touch

If your old iPhone is a 3GS or an above model, then securely erasing your personal data is simple enough. The 3GS and above iPhone models comes with built in hardware encryption by default (not that you can switch it off), namely the iPhone uses AES-256 encryption, which encrypts all data stored on the iPhone to a strong industry accepted standard. This is not to say your personal data is safe if your iPhone is lost or stolen, due to the way Apple have implemented this encryption, however that is the subject of another blog post, the important thing here is all the your personal data that is stored on the iPhone, is strongly encrypted, therefore by merely deleting the encryption key securely from the iPhone (and everywhere else), will render all the personal data inaccessible.

Built into the iPhone iOS is an option to erase all the data on it and restore it to factory conditions. Apple states the encryption keys are removed (which doesn't take long) and then a series of ones are written to the entire data partition, which is why it takes a couple of hours to complete the process.

"When you opt to “Erase All Content and Settings,” the process can take up to several hours. The time this process takes will vary by device:Devices that support hardware encryption: Erases user settings and information by removing the encryption key to the data. This process takes just a few minutes.Devices that overwrite memory: Overwrites user settings and information, writing a series of ones to the data partition. This process can take several hours, depending on the storage capacity of your iPhone or iPod touch. During this time, the device displays the Apple logo and a progress bar." - Apple

The overwrite of the entire data partition with ones post encryption key removal makes the process secure enough to trust in terms of general third party data recovery risk in my personal view, however military organisations and some industries (and the paranoid) may well require further overwrite passes of the data partition with further 1s and 0s, for which there is commercial software available, such as iShredder. If anyone has managed to recover data from an iPhone following Apple's erasing process, I'm yet to hear about it.

How to Erase your Personal Data from the iPhone1. Backup your iPhone in iTunes, you may well want to restore your personal information to your new iPhone.2. Make sure the iPhone has power, this process might take a couple of hours to complete, you don't want the iPhone to run out of battery life before finishing.3. On the iPhone go into "Settings"4. Then select "General"5. At the bottom tap "Reset>"6. Select "Erase All Content and Settings"

6. Tap "Erase iPhone"7. Wait a couple of hours and you are done.

Finally don't forget to remove the SIM card. The iPhone doesn't store any data on the SIM card but it is a wise precaution just in case your mobile operator doesn't de-active it properly, also its not like the person you are selling the iPhone to needs it anyway.

21 comments:

It's amazing how many people will sell their old phone to a store when they update, and leave information on there.A friend of mine works in such a store in Stockport and one iPhone he got sold had not only some bank details including a password but some pretty let's say near-to-the-knuckle photos of what could possibly be a girlfriend.Think before you sink!

Interesting article, though there is a MacOSG article that says that a police officer managed to recover data despite erasure...The article is not dated...but it would be interesting to see what the author thinks...

Would you rather spend all of that money on MORE portable devices that can do the exact same things as your phone, or would you rather SAVE all of that extra money and just use your phone and use all of that extra money on more important things? Hell, if my phone works﻿ perfectly fine showing movies on the go then why the heck would I spend money on extra stuff to do the exact same thing? @Jackson

These are some of the things we really need to take care of, people generally in hurry don't bother about this but this is something essential. Our personal data in someone's hand can destroy us if it's important one.

I am happy to find this post very useful for me, as it contains lot of information. This is first time see this information I want to say that it is very good and informative. resume writing I like it and I appreciate you for your effort.

About Me

ShareThis

Disclaimer

This is a personal website, all views or opinions represented in this blog are personal to Dave Whitelegg and guest bloggers that post, and do not represent the views or opinions of any business or organisation. All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information.

All original content copyright David Whitelegg 2007-2014. You may not use any original content with. Awesome Inc. template. Powered by Blogger.